When perfoming create SSOToken and decode SSOToken on Agent API, if the current keys do not match, PaddingException is thrown and does not proceed with last key process. As a result, AgentAPI fails to SSO and an error message below appears in Agent API log .

"AgentAPI decode ssoToken result : RETURN_CODE=[-1]"

Environment:

Agent API - CA SSO 12.0 SP03 or later version.

Cause:

Crypto-J which is Library of RSA in AgentAPI is designed to throw PaddingException if current keys do not match.

This issue may occur under the condition where..

-Using FIPs Only mode.

-Using Agent API - CA SSO 12.0 SP03 or later version.

-Agent key rollover is configured

Resolution:

This issue occurs due to the design of RSA in AgentAPI.

It will be changed on AgentAPI side not to throw PaddingException even if current keys do not match.